JavaScript Security Bug in Opera

A critical vulnerability has been discovered in the Opera Web browser.

The vulnerability, which has been assigned the CVE ID CVE-2007-4367 could be exploited by attackers to execute arbitrary malicious code. The bug, which has not yet been precisely specified, occurs on executing JavaScript code and can lead to a virtual function being called with an invalid pointer. An attacker would need to trick an Opera user into visiting a carefully crafted website to run the exploit.

Both security professionals Secunia and Opera regard the bug as highly critical. The vulnerability affects all older versions prior to 9.22 independently of the operating system platform. Opera users are advised to update to version 9.23 of Opera which was released yesterday. Besides the fix, the new version also includes stability enhancements. The browser is available from the Norwegian developer's website.